Changelog of SSG BETA-version

1. [DPI] New protocols added: BIGOTV [49305], SAYHI [49306], AZARLIVE [49307].
2. Added: hot parameter smartdrop = 1. If drop is set for the protocol, it will be deferred until the TLS is parsed or a TLS parsing error occurs.
3. Fixed: Adding HTTP domains ending with : (port number).
4. [Utils] Fixed: checkproto now considers MARK1 and checks if the port number is specified. For example, checkproto 8.8.8.8 443 www.google.com and checkproto 8.8.8.8 www.google.com may return different results.
5. Changed the path for loading ASNUM from VAS Cloud (cloud.vasexperts.ru).
6. Blacklist blocking in GTP tunnel (with the detect_gtp_tunnel setting).
7. Fixed: HTTPS blocking with the hard option.

1. [DPI] Improved Viber recognition.
2. Support for reload of /etc/dpi/asnum6.bin.
3. [Utils] bin2as now accepts any number of input files as arguments.
4. [Utils] ascheckip accepts addresses for batch verification via stdin.
5. [Utils] bgp2bin works similarly to as2bin, but only accepts /24 or larger subnets. It recognizes the IP1-IP2 range format as in RIPE records (extracting /24 or larger subnets from it). Subsequent entries take precedence over previous ones, creating a slightly larger file than as2bin. However, in this file, subnet ranges do not overlap (as less prioritized entries are filtered out). This allows the utility to process data from multiple sources in order of priority.
6. [BRAS][PPP] Fixed: Heterogeneous dual-stack. One address (IPv4 or IPv6) is explicitly set, while the other (IPv6 or IPv4) is assigned via framed-pool.

1. [DPI] Fixed: searching for both * and : in HTTP domains simultaneously
2. [DPI] Fixed: removal of addresses in virtual channels during reload
3. [DPI] Fixed: ignoring drop when the smartdrop parameter is set in case of SSL parsing errors
4. [BRAS][PPP] Fixed: consideration of the bras_pppoe_trace_mac option when saving DHCPv6 packets in pcap. Previously, only the bras_dhcp_trace_mac option was considered. Now, for DHCPv6 packets in the PPPoE tunnel, bras_pppoe_trace_mac is also taken into account

1. [DPI] Reduced the number of false positives for DPI TUNNEL
2. [DPI] Fixed errors when assigning vchannel by IP/CIDR

1. [DPI] Fixed: blocking by IP of DNS working over TCP
2. [DPI] Increased packet inspection depth when searching for BIGOTV
3. [DPI Utils] Fixed checkproto for the case of an unknown IP protocol
4. Initial support for writing alert logs to syslog. Enabled with the syslog_level=7 setting (defines the highest level of messages to be duplicated in syslog, default is off). Notes:
   1. By default, rsyslog replaces tab characters and newlines with their codes when writing to a text log. To disable this, create a file /etc/rsyslog.d/fastdpi.conf with the setting

      global(parser.escapeControlCharactersOnReceive="off")

      or use the journalctl utility. Example:

      journalctl -t fastdpi -p 4 --since "1 hour ago" -o verbose --output-fields PRIORITY,MESSAGE

   2. Logs can be redirected to a remote server. Example from /etc/rsyslog.conf:
      1. On the local server with fastdpi:

         *.*  action(type="omfwd" target="192.0.0.1" port="10514" protocol="tcp"
                     action.resumeRetryCount="100"
                     queue.type="linkedList" queue.size="10000")

      2. On the remote server:

         input(type="imptcp" port="10514"
               ruleset="writeRemoteData")
         ruleset(name="writeRemoteData"
                 queue.type="fixedArray"
                 queue.size="250000"
                 queue.dequeueBatchSize="4096"
                 queue.workerThreads="4"
                 queue.workerThreadMinimumMessages="60000"
                ) {
             action(type="omfile" file="/var/log/fastdpi.log"
                    ioBufferSize="64k" flushOnTXEnd="off"
                    asyncWriting="on")

You can check the current installed version with the command below

yum info fastdpi

If you have CentOS 6.x or CentOS 8.x installed, then switch the repository once with the command:

sed -i -e '/^mirrorlist=http:\/\//d' -e 's/^# *baseurl=http:\/\/mirror.centos.org/baseurl=http:\/\/vault .centos.org/' /etc/yum.repos.d/CentOS-*.repo

and then update as usual.

To install the test version, you should issue the following command:

yum --enablerepo vasexperts-beta update fastdpi

Downgrade to 13.1:

yum downgrade fastdpi-13.1 fastpcrf-13.1